Security fix, bug fix and project name change.
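<?php
/*
 * Jirafeau, your web file repository
 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
 * Copyright (C) 2012 Jerome Jutteau <j.jutteau@gmail.com>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/*
 * Download endpoint.
 *
 * Resolves the link id passed as ?h=<id> to a link record under VAR_LINKS,
 * enforces the optional expiry time and download key stored in that record,
 * streams the file from VAR_FILES and, for one-time links, removes the link
 * afterwards. Everything that arrives with the request ($_GET, $_POST,
 * REQUEST_URI) is treated as untrusted.
 */

define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');

require(JIRAFEAU_ROOT . 'lib/config.php');
require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');

if (isset($_GET['h']) && !empty($_GET['h'])) {
    $link_name = $_GET['h'];

    // The id is concatenated into a filesystem path below, so it must be
    // exactly 32 lowercase hex characters. The previous ereg() pattern was
    // anchored only at the end, which let any prefix (including "../")
    // through, and ereg() itself no longer exists in PHP 7+. \A and \z anchor
    // both ends; \z (unlike $) also refuses a trailing newline. is_string()
    // rejects array input such as ?h[]=...
    if (!is_string($link_name) || !preg_match('/\A[0-9a-f]{32}\z/', $link_name)) {
        header("HTTP/1.0 404 Not Found");

        require(JIRAFEAU_ROOT . 'lib/template/header.php');
        echo '<div class="error"><p>Error 404: Not Found</p></div>';
        require(JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    }

    $link_file = VAR_LINKS . $link_name;
    if (file_exists($link_file)) {
        // Link record layout, one field per line:
        // name, MIME type, size, key, expiry time, content hash, one-time flag.
        $content = file($link_file);
        if ($content === false || count($content) < 7) {
            // Unreadable or truncated record: answer as if the link did not
            // exist instead of continuing with undefined fields.
            header("HTTP/1.0 404 Not Found");

            require(JIRAFEAU_ROOT . 'lib/template/header.php');
            echo '<div class="error"><p>Error 404: Not Found</p></div>';
            require(JIRAFEAU_ROOT . 'lib/template/footer.php');
            exit;
        }

        $file_name = trim($content[0]);
        $mime_type = trim($content[1]);
        $file_size = trim($content[2]);
        $key = trim($content[3], NL);
        $time = trim($content[4]);
        $md5 = trim($content[5]);
        $onetime = trim($content[6]);

        // The stored file is gone: drop the stale counter and link record.
        if (!file_exists(VAR_FILES . $md5)) {
            if (file_exists(VAR_FILES . $md5 . '_count')) {
                unlink(VAR_FILES . $md5 . '_count');
            }
            unlink($link_file);
            require(JIRAFEAU_ROOT . 'lib/template/header.php');
            echo '<div class="error"><p>' . _('File not available.') . '</p></div>';
            require(JIRAFEAU_ROOT . 'lib/template/footer.php');
            exit;
        }

        // Number of links that still reference this stored file
        // (defaults to 1 when no counter file exists).
        $counter = 1;
        if (file_exists(VAR_FILES . $md5 . '_count')) {
            $content = file(VAR_FILES . $md5 . '_count');
            $counter = trim($content[0], NL);
        }

        if ($time != JIRAFEAU_INFINITY) {
            if (time() > $time) {
                // Expired: remove this link, then either record the reduced
                // reference count or move the now unreferenced file to trash.
                unlink($link_file);

                $counter--;
                if ($counter >= 1) {
                    // LOCK_EX keeps concurrent requests from interleaving writes.
                    file_put_contents(VAR_FILES . $md5 . '_count', (string) $counter, LOCK_EX);
                } elseif ($counter == 0) {
                    if (file_exists(VAR_FILES . $md5 . '_count')) {
                        unlink(VAR_FILES . $md5 . '_count');
                    }
                    $new_name = jirafeau_detect_collision($md5 . '_' . $file_name, VAR_TRASH);
                    rename(VAR_FILES . $md5, VAR_TRASH . $new_name);
                }

                require(JIRAFEAU_ROOT . 'lib/template/header.php');
                echo '<div class="error"><p>' . _('The time limit of this file has expired. It has been deleted.') . '</p></div>';
                require(JIRAFEAU_ROOT . 'lib/template/footer.php');
                exit;
            }
        }

        if (!empty($key)) {
            if (!isset($_POST['key'])) {
                require(JIRAFEAU_ROOT . 'lib/template/header.php');
                // REQUEST_URI is client-controlled and is written into an HTML
                // attribute, so it has to be escaped for that context.
                ?>
<div id="upload">
<form action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<input type="hidden" name="jirafeau" value="<?php echo JIRAFEAU_VERSION; ?>" />
<fieldset>
<legend><?php echo _('Key protection'); ?></legend>
<table>
<tr>
<td><?php echo _('Give the key of this file:'); ?> <input type="password" name="key" /></td>
</tr>
<tr>
<td><input type="submit" value="<?php echo _('I have the right to download this file'); ?>" /></td>
</tr>
</table>
</fieldset>
</form>
</div>
                <?php
                require(JIRAFEAU_ROOT . 'lib/template/footer.php');
                exit;
            } else {
                // Loose != compares numeric-looking strings by value
                // ("1e3" == "1000"), so a different key could be accepted.
                // Compare as strings, in constant time where the runtime
                // offers hash_equals(); array input is refused outright.
                $submitted_key = $_POST['key'];
                $key_matches = is_string($submitted_key)
                    && (function_exists('hash_equals')
                        ? hash_equals($key, $submitted_key)
                        : $key === $submitted_key);

                if (!$key_matches) {
                    header("HTTP/1.0 403 Forbidden");

                    require(JIRAFEAU_ROOT . 'lib/template/header.php');
                    echo '<div class="error"><p>Error 403: Forbidden</p></div>';
                    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
                    exit;
                }
            }
        }

        header('Content-Length: ' . $file_size);
        // NOTE(review): the MIME type comes from the link record; if that value
        // originates from the uploader, consider also sending
        // "X-Content-Type-Options: nosniff" - confirm against the upload path.
        header('Content-Type: ' . $mime_type);
        if (!jirafeau_is_viewable($mime_type)) {
            // The stored name goes inside a quoted-string header parameter:
            // drop control characters and escape backslash and double quote
            // so the name cannot terminate the parameter early.
            $safe_name = preg_replace('/[\x00-\x1f\x7f]/', '', $file_name);
            $safe_name = str_replace(array('\\', '"'), array('\\\\', '\\"'), $safe_name);
            header('Content-Disposition: attachment; filename="' . $safe_name . '"');
        }
        readfile(VAR_FILES . $md5);

        // NOTE(review): a one-time link is only removed after the file has been
        // streamed, so two overlapping requests can both be served. Claiming
        // the link before streaming would close that window but changes what
        // happens on an aborted download; left unchanged here.
        if ($onetime == 'O') {
            unlink($link_file);

            $counter--;
            if ($counter >= 1) {
                file_put_contents(VAR_FILES . $md5 . '_count', (string) $counter, LOCK_EX);
            } elseif ($counter == 0) {
                if (file_exists(VAR_FILES . $md5 . '_count')) {
                    unlink(VAR_FILES . $md5 . '_count');
                }
                $new_name = jirafeau_detect_collision($md5 . '_' . $file_name, VAR_TRASH);
                rename(VAR_FILES . $md5, VAR_TRASH . $new_name);
            }
        }
        exit;
    } else {
        header("HTTP/1.0 404 Not Found");

        require(JIRAFEAU_ROOT . 'lib/template/header.php');
        echo '<div class="error"><p>Error 404: Not Found</p></div>';
        require(JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    }
} else {
    // No link id supplied: send the visitor to the configured site root.
    header('Location: ' . $cfg['web_root']);
    exit;
}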
